VIII. Claims Appendix

1. (Previously Presented) A method comprising: 

establishing a global zone, wherein the global zone is a global operating system 
environment that can support execution of one or more processes; 

establishing a non-global zone within the global zone, wherein the non-global
zone is a partition of the global operating system environment, wherein the
non-global zone operates as a separate and distinct operating system
environment, and wherein the non-global zone can support execution of
one or more processes;

isolating a first process executing within the non-global zone to the non-global
zone so that the first process does not have visibility or access to processes
and objects that are not associated with the non-global zone;

permitting a second process executing within the global zone to have visibility 
and access to processes and objects associated with the global zone; and 

permitting the second process executing within the global zone to have access to 
processes and objects associated with the non-global zone, if the second 
process has a privilege to cross zone boundaries. 

2. (Previously Presented) The method of claim 1, further comprising:

permitting the second process executing within the global zone to have visibility
of processes and objects associated with the non-global zone without
requiring the second process to have the privilege to cross zone
boundaries.



3. (Previously Presented) The method of claim 1, further comprising:

receiving a request from the second process executing within the global zone to
cross zone boundaries; and

granting the second process the privilege to cross zone boundaries, if the second
process is authorized to receive such a privilege.

4. (Previously Presented) The method of claim 1, wherein the non-global zone has a
first zone identifier associated therewith, wherein processes and objects associated
with the non-global zone have the first zone identifier associated therewith, and
wherein isolating the first process to the non-global zone comprises:

allowing the first process executing within the non-global zone to view or access
a target process or object only if the target process or object has the first
zone identifier associated therewith.

5. (Previously Presented) The method of claim 4, wherein the global zone has a
second zone identifier associated therewith, wherein processes and objects
associated with the global zone have the second zone identifier associated
therewith, and wherein permitting the second process to have visibility and access
to processes and objects associated with the global zone comprises:

allowing the second process executing within the global zone to view and access
an intended process or object if the intended process or object has the
second zone identifier associated therewith.



6. (Previously Presented) The method of claim 1, further comprising:

receiving an identifier indicating a zone selected from at least one of the global
zone and the non-global zone; and

mounting file system resources comprising processes to be executed in the zone
indicated by the identifier to a portion of a file system associated with the
zone indicated by the identifier;

thereby enabling the processes of the file system resources to obtain at least one
of visibility and access to objects within the zone corresponding to the
identifier.

7. (Original) The method of claim 6, wherein the file system resources are mounted
to a subdirectory of a root directory of a portion of a file system associated with 
the zone indicated by the identifier; thereby enabling processes expecting a tree 
like directory structure to execute within the zone indicated by the identifier. 

8. (Original) The method of claim 6, further comprising:

enabling select processes to be visible to all other processes in the global zone and 
the non-global zone. 

9. (Previously Presented) The method of claim 6, wherein file system resources
comprise processes to be executed in any zone, the method further comprising:

receiving a request by a requesting process to access processes in the file system
resources; and

limiting access to processes in the file system resources based upon the requesting 
process' relationship with a zone indicated in the request; 

thereby enabling the processes of the file system resources to obtain at least one 
of visibility and access to objects within the zone corresponding to the 
identifier. 

10. (Original) The method of claim 1, further comprising: 

providing information about the zone with which a process is associated based 
upon identity of a requesting process and relationship between the 
requesting process and the zone. 

11. Canceled 

12. Canceled 

13. (Previously Presented) A computer readable storage medium, comprising:

instructions for causing one or more processors to establish a global zone,
wherein the global zone is a global operating system environment that can
support execution of one or more processes;

instructions for causing one or more processors to establish a non-global zone
within the global zone, wherein the non-global zone is a partition of the
global operating system environment, wherein the non-global zone
operates as a separate and distinct operating system environment, and
wherein the non-global zone can support execution of one or more
processes;

instructions for causing one or more processors to isolate a first process executing
within the non-global zone to the non-global zone so that the first process
does not have visibility or access to processes and objects that are not
associated with the non-global zone;

instructions for causing one or more processors to permit a second process
executing within the global zone to have visibility and access to processes
and objects associated with the global zone; and

instructions for causing one or more processors to permit the second process
executing within the global zone to have access to processes and objects
associated with the non-global zone, if the second process has a privilege
to cross zone boundaries.

14. (Previously Presented) The computer readable storage medium of claim 13,
further comprising:

instructions for causing one or more processors to permit the second process
executing within the global zone to have visibility of processes and objects
associated with the non-global zone without requiring the second process
to have the privilege to cross zone boundaries.



15. (Previously Presented) The computer readable storage medium of claim 13, 
further comprising: 

instructions for causing one or more processors to receive a request from the
second process executing within the global zone to cross zone boundaries;
and

granting the second process the privilege to cross zone boundaries, if the second 
process is authorized to receive such a privilege. 

16. (Previously Presented) The computer readable storage medium of claim 13,
wherein the non-global zone has a first zone identifier associated therewith,
wherein processes and objects associated with the non-global zone have the first
zone identifier associated therewith, and wherein the instructions for causing one
or more processors to isolate the first process to the non-global zone comprises:

instructions for causing one or more processors to allow the first process
executing within the non-global zone to view or access a target process or
object only if the target process or object has the first zone identifier
associated therewith.

17. (Previously Presented) The computer readable storage medium of claim 16,
wherein the global zone has a second zone identifier associated therewith,
wherein processes and objects associated with the global zone have the second
zone identifier associated therewith, and wherein the instructions for causing one
or more processors to permit the second process to have visibility and access to
processes and objects associated with the global zone comprises:

instructions for causing one or more processors to allow the second process
executing within the global zone to view and access an intended process or
object if the intended process or object has the second zone identifier
associated therewith.

18. (Previously Presented) The computer readable storage medium of claim 13, 
further comprising: 

instructions for causing one or more processors to receive an identifier indicating 
a zone selected from at least one of the global zone and the non-global 
zone; and 

instructions for causing one or more processors to mount file system resources
comprising processes to be executed in the zone indicated by the identifier
to a portion of a file system associated with the zone indicated by the
identifier.

19. (Previously Presented) The computer readable storage medium of claim 18, 
wherein the file system resources are mounted to a subdirectory of a root 
directory of a portion of a file system associated with the zone indicated by the 
identifier; 

thereby enabling processes expecting a tree like directory structure to execute 
within the zone indicated by the identifier. 



20. (Previously Presented) The computer readable storage medium of claim 18, 
further comprising: 

instructions for causing one or more processors to enable select processes to be 
visible to all other processes in the global zone and the non-global zone. 



21. (Previously Presented) The computer readable storage medium of claim 18,
wherein file system resources comprise processes to be executed in any zone, and
wherein the computer readable storage medium further comprises:

instructions for causing one or more processors to receive a request by a
requesting process to access processes in the file system resources; and

instructions for causing one or more processors to limit access to processes in the
file system resources based upon a requesting process' relationship with a
zone indicated in the request.



22. (Previously Presented) The computer readable storage medium of claim 13, 
further comprising: 

instructions for causing one or more processors to provide information about the 
zone with which a process is associated based upon identity of a 
requesting process and relationship between the requesting process and the 
zone. 



23. Canceled



24. Canceled 



25. (Previously Presented) An apparatus, comprising:

means for establishing a global zone, wherein the global zone is a global
operating system environment that can support execution of one or more
processes;

means for establishing a non-global zone within the global zone, wherein the
non-global zone is a partition of the global operating system environment,
wherein the non-global zone operates as a separate and distinct operating
system environment, and wherein the non-global zone can support
execution of one or more processes;

means for isolating a first process executing within the non-global zone to the
non-global zone so that the first process does not have visibility or access
to processes and objects that are not associated with the non-global zone;

means for permitting a second process executing within the global zone to have 
visibility and access to processes and objects associated with the global 
zone; and 

means for permitting the second process executing within the global zone to have 
access to processes and objects associated with the non-global zone, if the 
second process has a privilege to cross zone boundaries. 



26. Canceled 



27. (Previously Presented) A system, comprising:

one or more processors; and

a storage comprising:

instructions for causing the one or more processors to establish a global
zone, wherein the global zone is a global operating system
environment that can support execution of one or more processes;

instructions for causing the one or more processors to establish a
non-global zone within the global zone, wherein the non-global zone is
a partition of the global operating system environment, wherein the
non-global zone operates as a separate and distinct operating
system environment, and wherein the non-global zone can support
execution of one or more processes;

instructions for causing the one or more processors to isolate a first
process executing within the non-global zone to the non-global
zone so that the first process does not have visibility or access to
processes and objects that are not associated with the non-global
zone;

instructions for causing the one or more processors to permit a second
process executing within the global zone to have visibility and
access to processes and objects associated with the global zone;
and

instructions for causing the one or more processors to permit the second
process executing within the global zone to have access to
processes and objects associated with the non-global zone, if the
second process has a privilege to cross zone boundaries.



